A security researcher has released a proof-of-concept program that hackers could use to exploit Windows Vista digital rights management processes to hide malware. Alex Ionescu claims to have developed the program - D-Pin Purr v1.0 - that will arbitrarily enable and disable protected processes in Vista, Microsoft's latest operating system.

There will come a time when Vista's own 'features' are so good at protecting the wrong doers and so bad at protecting the actual user, (such as is DRM) that getting a piece of malware will be a re-install job instead of just running a scan. That's when the en-mass migrations will begin.

There will come a time when Vista's own 'features' are so good at protecting the wrong doers and so bad at protecting the actual user, (such as is DRM) that getting a piece of malware will be a re-install job instead of just running a scan. That's when the en-mass migrations will begin.

To a lesser or greater degree, it's already been like that for a few years.

On a side note, last weekend I was out laptop shopping with the girlfriend (for the girlfriend) and she had a budget of just £400. For that price you can get a reasonable system (and one that's more than capable for her needs) but every system had Vista pre-installed. I kept asking the shop-keepers if there was any way I can ditch Vista (as even the pricer systems in her budget only just met Vista minimum requirements) and install XP or Linux and they simply said it would be breaking the warrenty to install anything other than what was supplied. Very frustraiting (given that the laptop barely runs the OS even with Aero turned off)

Malware that manages to hind behind DRM certainly wouldn't help though. Reminds me of how Microsoft blocked Wine from Windows Update a while back. It did it by looking for a registry key. The block didn't last too long IIRC, as I bet someone realized some Malware could set the Wine reg key to make Windows Update think the infected OS was Wine Or maybe Wine removed that reg key..

Anyway, at least to run the binary to add and remove protection, users need to be running the code with elevated privileges.. Of course, with UAC popping up everywhere users are being trained to click OK all the time. Still, I guess it's better than running as admin by default and having no warning at all..

Some OEMs are quite happy to ship it though. A brand new Packard Bell machine I configured for a customer popped up a bubble on first boot from Windows Defender that two items were blocked as malware - Macrovision's DRM controller and updater app.

Windows users have been running malware for over a decade now, yet no one died because of it. They've learned to live with it and they will continue living with it. Please stop trying to use that and an excuse to stop the progress.

DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.

Windows users have been running malware for over a decade now, yet no one died because of it.

Is that really your response? That is almost as arrogant as when Sony BMG said they didn't think people knew what rootkits were so why should they care. What malware have all us Windows users been running for over a decade by the way? Care to elaborate on that?

DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.

Did I say almost as arrogant as Sony? I think you have them beat actually. Everyone is a thief is basically what you are saying? No one can be trusted. That's a really nice attitude.

/*If people could actually exercise their fair-use rights correctly (without DRM in the way, including CSS) there would probably be less piracy all along.*/

people were given the chance to use a free DRM OS ,but what did the users do, they started downloading pirated: movies,music,video games, because they taught they were being smart, well, they only harm themselves, now, they have to use an OS that is in police state.

people were given the chance to use a free DRM OS ,but what did the users do, they started downloading pirated: movies,music,video games, because they taught they were being smart, well, they only harm themselves, now, they have to use an OS that is in police state.

So by your thinking, to draw an analogy, because despite never having used illegal drugs I now need to serve a term in prison because I also failed to club drug-dealers over the head?

I hope you never get to run that "police state", because I have an idea that living in Mao's China might be preferable.

/* I hope you never get to run that "police state", because I have an idea that living in Mao's China might be preferable.*/

oh,no, I'm not evil like the corporations; if the users would realize the corporations are in control,alot of this nonsense like DRM would not exist.
more dumb things the users keep doing like download pirated contents the more nonsense like drm
are brought upon the users by the corporations to protect there beloved shareholders and profits.

people were given the chance to use a free DRM OS ,but what did the users do, they started downloading pirated: movies,music,video games, because they taught they were being smart, well, they only harm themselves, now, they have to use an OS that is in police state.

DRM does nothing to hinder downloads. It limits the usefulness only of legitimate purchases, now including hardware (HDCP). The industry is lashing out at their customers, propping up their non-customers as the excuse, when in reality, it's all about the system of If Value, Then Right.

People were given the chance just to pirate the movie and have complete freedom with it, but what did they do? They started buying DVDs, WMAs, and video games, thinking they were being smart; well, they'll only harm themselves, because now they have to buy another copy for their iPod, another copy for their PSP, another copy for the car, another copy for dad's house, another copy that plays in Europe, and another copy for a higher resolution.

Piracy sucks ethically and economically, but the MPAA is working very hard to make it the practical choice. At least with maritime law, you own what you have.

/* People were given the chance just to pirate the movie and have complete freedom with it, but what did they do? They started buying DVDs, WMAs, and video games, thinking they were being smart; well, they'll only harm themselves, because now they have to buy another copy for their iPod, another copy for their PSP, another copy for the car, another copy for dad's house, another copy that plays in Europe, and another copy for a higher resolution. */

well, study harder, get a better higher paying job to be able afford all of that
because with the corporations running the show, it's going to get worse.look around you everything is own by an corporation, they can do what ever they want.

"Windows users have been running malware for over a decade now, yet no one died because of it."

That's why more than 90% of the worldwide email transfer amount (that is what the mailservers handle) is SPAM...

"They've learned to live with it and they will continue living with it."

No, they've learned to ignore it.

"DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything."

Ah, the user as the main problem... :-) I would not try to say anything else because in many cases it's true. But what about system administrators or software engineers? Shouldn't they be more intelligent individuals (sorry), with moral imaginations and educated judging?

Maybe DRM may be useful for something, but actually, it is abused for crippling file content and making media unuseable.

Windows users have been running malware for over a decade now, yet no one died because of it. They've learned to live with it and they will continue living with it. Please stop trying to use that and an excuse to stop the progress.

DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything.

I sure hope that's sarcasm, because clearly, the only reason anyone arrogant enough to say that seriously doesn't deserve to have his (or her) brain curdled to custard is because anyone who says that must have already had that done to them.

> Windows users have been running malware for over a
> decade now, yet no one died because of it.

Identity theft and computer hijacking are serious problems. Maybe you feel comfortable letting anonymous strangers access your private information, your financial information, and being able to use your computer as a hub for kiddie porn and having the police confiscate your computer or worse, but the average person (if they knew and understood the risks) wouldn't.

Malware may not cause someone to die, but it can certainly ruin a life. As you mention, this diminish the bad aspects of DRM. It does, however highlight how DRM can be used by malware to lock you out of your own computer.

"DRM, on the other hand, is an integral part of any modern operating system because, clearly, users simply can not be trusted with, well, pretty much anything."

I'm not sure if you realize it but that's a horrible thing to say. Quite honestly, I find such a statement more than a little insulting.

Please stop trying to use that and an excuse to stop the progress.

I conduct all of my music listening and movie viewing within the limits of the law. The RIAA and MPAA have repeatedly operated outside the boundry of what I consider ethical behavior. They sue children, dead people, serve notices to colleges for alleged downloading from IP blocks that never existed. Several RIAA afiliated companies have been found guilty of illegal price fixing.

Explain to me why I should TRUST these companies.

Explain why the RIAA/MPAA telling me that I am not to be trusted suggests progress.